[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 28 21:12:48 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20fdf101 by security tracker role at 2024-08-28T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2024-8195 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2024-7745 (In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical  ...)
+	TODO: check
+CVE-2024-7744 (In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitat ...)
+	TODO: check
+CVE-2024-7447 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
+	TODO: check
+CVE-2024-7269 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+	TODO: check
+CVE-2024-6450 (HyperViewGeoportal Toolkit in versions though8.2.4 is vulnerable to Re ...)
+	TODO: check
+CVE-2024-6449 (HyperViewGeoportal Toolkit in versions though8.2.4 does not restrict c ...)
+	TODO: check
+CVE-2024-6053 (Improper access control in the clipboard synchronization feature in Te ...)
+	TODO: check
+CVE-2024-5546 (ZohocorpManageEngine Password Manager Pro versions before 12431 andMan ...)
+	TODO: check
+CVE-2024-45054 (Hwameistor is an HA local storage system for cloud-native stateful wor ...)
+	TODO: check
+CVE-2024-45043 (The OpenTelemetry Collector module AWS firehose receiver is for ingest ...)
+	TODO: check
+CVE-2024-44915 (An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 a ...)
+	TODO: check
+CVE-2024-44914 (An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 a ...)
+	TODO: check
+CVE-2024-44913 (An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 a ...)
+	TODO: check
+CVE-2024-44761 (An issue in EQ Enterprise Management System before v2.0.0 allows attac ...)
+	TODO: check
+CVE-2024-44760 (Incorrect access control in the component /servlet/SnoopServlet of She ...)
+	TODO: check
+CVE-2024-43805 (jupyterlab is an extensible environment for interactive and reproducib ...)
+	TODO: check
+CVE-2024-42905 (Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60  ...)
+	TODO: check
+CVE-2024-42900 (Ruoyi v4.7.9 and before was discovered to contain a cross-site scripti ...)
+	TODO: check
+CVE-2024-42793 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
+	TODO: check
+CVE-2024-42698 (Roughly Enough Items (REI) v.16.0.729 and before contains an Improper  ...)
+	TODO: check
+CVE-2024-41565 (JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Valida ...)
+	TODO: check
+CVE-2024-41564 (EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Valid ...)
+	TODO: check
+CVE-2024-41236 (A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Re ...)
+	TODO: check
+CVE-2024-34198 (TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulne ...)
+	TODO: check
+CVE-2024-34195 (TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vu ...)
+	TODO: check
+CVE-2024-20478 (A vulnerability in the software upgrade component of Cisco Application ...)
+	TODO: check
+CVE-2024-20446 (A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software coul ...)
+	TODO: check
+CVE-2024-20413 (A vulnerability in Cisco NX-OS Software could allow an authenticated,  ...)
+	TODO: check
+CVE-2024-20411 (A vulnerability in Cisco NX-OS Software could allow an authenticated,  ...)
+	TODO: check
+CVE-2024-20289 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
+	TODO: check
+CVE-2024-20286 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
+	TODO: check
+CVE-2024-20285 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
+	TODO: check
+CVE-2024-20284 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
+	TODO: check
+CVE-2024-20279 (A vulnerability in the restricted security domain implementation of Ci ...)
+	TODO: check
 CVE-2024-8231 (A vulnerability classified as critical has been found in Tenda O6 1.0. ...)
 	NOT-FOR-US: Tenda
 CVE-2024-8230 (A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated ...)
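Review bot: all 35 entries added in this hunk land as `TODO: check` and still need triage; most of them name software that is not in the archive (WordPress plugins, WS_FTP Server, Irfanview, TOTOLINK firmware, the Cisco NX-OS batch), so they are likely candidates for a NOT-FOR-US line in the same style as the CVE-2024-8231 context entry directly below, while the entries naming projects that may have Debian packages (CVE-2024-43805 jupyterlab, CVE-2024-45043 OpenTelemetry Collector, CVE-2024-45054 Hwameistor) should be checked against the archive before being closed. The CVE-2024-6450/6449 summaries carry the upstream typo "though8.2.4"; that is the imported MITRE text and not something to correct in this file.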
@@ -46,7 +116,7 @@ CVE-2024-4555 (Improper Privilege Management vulnerability in OpenText NetIQ Acc
 	NOT-FOR-US: (OpenText) NetIQ Access Manager
 CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ Access Manag ...)
 	NOT-FOR-US: (OpenText) NetIQ Access Manager
-CVE-2024-45346 (A code execution vulnerability exists in the XiaomiGetApps application ...)
+CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon an ...)
 	NOT-FOR-US: XiaomiGetApps application
 CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based projects. It i ...)
 	TODO: check
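Review bot: the replacement summary for CVE-2024-45346 now opens with vendor acknowledgement text ("The Xiaomi Security Center expresses heartfelt thanks to ...") instead of describing the flaw, so the entry loses the "code execution vulnerability" wording of the removed line; the `NOT-FOR-US: XiaomiGetApps application` classification is unaffected, but a NOTE line preserving the original summary would keep the entry readable on its own.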
@@ -163,7 +233,7 @@ CVE-2024-8046 (The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Lo
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7989
 	REJECTED
-CVE-2024-7608 (An authenticated user can download sensitive files from Trellix produc ...)
+CVE-2024-7608 (An authenticated user can  access the restricted files from NX, EX, FX ...)
 	NOT-FOR-US: Trellix
 CVE-2024-7304 (The Ninja Tables \u2013 Easiest Data Table Builder plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
@@ -907,17 +977,17 @@ CVE-2024-6502 (An issue was discovered in GitLab CE/EE affecting all versions st
 	- gitlab <unfixed>
 CVE-2024-45201 (An issue was discovered in llama_index before 0.10.38. download/integr ...)
 	NOT-FOR-US: llama_index
-CVE-2024-45193 (An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The ...)
+CVE-2024-45193 (An issue was discovered in Matrix libolm through 3.2.16. There is Ed25 ...)
 	- olm <unfixed> (bug #1079487)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
 	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
-CVE-2024-45192 (An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cac ...)
+CVE-2024-45192 (An issue was discovered in Matrix libolm through 3.2.16. Cache-timing  ...)
 	- olm <unfixed> (bug #1079487)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
 	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985
-CVE-2024-45191 (An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The ...)
+CVE-2024-45191 (An issue was discovered in Matrix libolm through 3.2.16. The AES imple ...)
 	- olm <unfixed> (bug #1079487)
 	NOTE: https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/
 	NOTE: libolm is deprecated upstream:
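Review bot: the three libolm entries (CVE-2024-45193, CVE-2024-45192, CVE-2024-45191) only have their summaries refreshed here, with the status line `- olm <unfixed> (bug #1079487)` and the "libolm is deprecated upstream" NOTE unchanged; since the deprecation commit is already linked and the notes imply no upstream fix is coming, the open point for these entries is a severity assessment so that the `<unfixed>` state can be qualified with the tracker's usual no-dsa/ignored or severity marking rather than staying open indefinitely.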
@@ -5711,9 +5781,9 @@ CVE-2024-41376 (dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/s
 	NOT-FOR-US: dzzoffice
 CVE-2024-41200 (A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a ...)
 	NOT-FOR-US: KMPlayer (different from src:kmplayer)
-CVE-2024-40531 (An issue in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.4 ...)
+CVE-2024-40531 (A mass assignment vulnerability exists in Pantera CRM versions 401.152 ...)
 	NOT-FOR-US: UAB Lexita PanteraCRM CMS
-CVE-2024-40530 (Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401. ...)
+CVE-2024-40530 (A vulnerability in Pantera CRM versions 401.152 and 402.072 allows una ...)
 	NOT-FOR-US: UAB Lexita PanteraCRM CMS
 CVE-2024-40498 (SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem  ...)
 	NOT-FOR-US: PuneethReddyHC Online Shopping sysstem
@@ -18565,13 +18635,16 @@ CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of File with Dangerous Typ
 	NOT-FOR-US: Verint
 CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...)
 	NOT-FOR-US: Verint
-CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the fu ...)
+CVE-2024-35328
+	REJECTED
 	NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
 	NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
-CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issu ...)
+CVE-2024-35326
+	REJECTED
 	NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
 	NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
-CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by this iss ...)
+CVE-2024-35325
+	REJECTED
 	NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
 	NOTE: https://github.com/yaml/libyaml/issues/297
 CVE-2024-34130 (Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affe ...)
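Review bot: for CVE-2024-35328, CVE-2024-35326 and CVE-2024-35325 the summary line is replaced by the bare id plus `REJECTED`, but the following `NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)` context line is kept; REJECTED entries elsewhere in this file carry no classification line (compare CVE-2024-7989 in the hunk above), so that line, which also repeats the typo "vulerability" three times, can be dropped or folded into the NOTE in a follow-up, keeping the github.com/yaml/libyaml issue links as the rationale.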
@@ -19781,7 +19854,8 @@ CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One s
 	NOT-FOR-US: Trend Micro
 CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
 	NOT-FOR-US: Trend Micro
-CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_do ...)
+CVE-2024-35329
+	REJECTED
 	NOTE: disputed libyaml issue, to be rejected
 CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...)
 	{DSA-5715-1 DLA-3838-1}
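Review bot: CVE-2024-35329 is now marked `REJECTED`, but the retained NOTE still reads "disputed libyaml issue, to be rejected"; the "to be rejected" wording is stale once the REJECTED status is in place, so the NOTE should be reworded or replaced by the libyaml issue link used for CVE-2024-35325 through CVE-2024-35328 in a follow-up, matching the bare-id plus REJECTED form of CVE-2024-7989 above.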



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20fdf101738bfeb4b6f11281c64700296fa1224a
